changeset 1447:e1c64ee44212

Tests: added $ssl_server_name tests with SSL session reuse.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 04 Mar 2019 13:02:36 +0300
parents 44973a23b031
children c1b969fc7a23
files ssl.t stream_ssl_variables.t
diffstat 2 files changed, 44 insertions(+), 5 deletions(-) [+]
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-	->has_daemon('openssl')->plan(23);
+	->has_daemon('openssl')->plan(25);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -62,6 +62,9 @@ http {
         location /reuse {
             return 200 "body $ssl_session_reused";
         }
+        location /sni {
+            return 200 "body $ssl_session_reused:$ssl_server_name";
+        }
         location /id {
             return 200 "body $ssl_session_id";
         }
@@ -224,6 +227,27 @@ like(get('/', 8083), qr/^body \.$/m, 'se
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
 
+# ssl_server_name
+
+SKIP: {
+skip 'no sni', 2 unless $t->has_module('sni');
+
+$ctx = new IO::Socket::SSL::SSL_Context(
+	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+	SSL_session_cache_size => 100);
+
+like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+	&& !$t->has_version('1.15.10');
+
+like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
+
+}
+
+}
+
 # ssl certificate inheritance
 
 my $s = get_ssl_socket($ctx, port(8081));
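Review bot: The `$ctx = new IO::Socket::SSL::SSL_Context(...)` assignment sits inside the `SKIP:` block, so the certificate inheritance test that follows (`get_ssl_socket($ctx, port(8081))`) runs with this fresh context when sni is available and with the earlier one when the block is skipped. Both contexts appear to set `SSL_VERIFY_NONE`, so the result is probably the same, but the later tests then depend on a build option for no stated reason. Moving the assignment above `SKIP:`, or adding a comment such as `# fresh context: the first /sni request must not resume an earlier session`, would make the intent explicit. The declaration of `$ctx` and the body of `get()` are outside the hunk, so the assumption that `get()` reads this variable is inferred.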
@@ -307,6 +331,7 @@ sub get_ssl_socket {
 			PeerPort => $port,
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_reuse_ctx => $ctx,
+			SSL_hostname => 'localhost',
 			SSL_error_trap => sub { die $_[1] },
 			%extra
 		);
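Review bot: `SSL_hostname => 'localhost'` is added ahead of `%extra`, so every socket built by get_ssl_socket now sends SNI unless a caller overrides the key, which also changes what the pre-existing tests using this helper put on the wire. A short comment would record that this is deliberate, for example `# SNI is sent on every connection; override via %extra`. The function begins and ends outside the hunk, so its other callers cannot be checked from here.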
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -40,7 +40,7 @@ eval {
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl sni stream_return/)
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
 	->has_daemon('openssl');
 
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -55,13 +55,12 @@ events {
 stream {
     ssl_certificate_key localhost.key;
     ssl_certificate localhost.crt;
+    ssl_session_cache builtin;
 
     server {
         listen  127.0.0.1:8080;
         listen  127.0.0.1:8081 ssl;
         return  $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol;
-
-        ssl_session_cache builtin;
     }
 
     server {
@@ -90,7 +89,7 @@ foreach my $name ('localhost') {
 		or die "Can't create certificate for $name: $!\n";
 }
 
-$t->run()->plan(5);
+$t->run()->plan(6);
 
 ###############################################################################
 
@@ -107,12 +106,27 @@ my $ses = Net::SSLeay::get_session($ssl)
 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/,
 	'ssl variables - session reused');
 
+SKIP: {
+skip 'no sni', 3 unless $t->has_module('sni');
+
 ($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com');
 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name');
 
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+	&& !$t->has_version('1.15.10');
+
+my $ses = Net::SSLeay::get_session($ssl);
+($s, $ssl) = get_ssl_socket(port(8082), $ses);
+is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name - reused');
+
+}
+
 ($s, $ssl) = get_ssl_socket(port(8082));
 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty');
 
+}
+
 ###############################################################################
 
 sub get_ssl_socket {
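Review bot: The reused case calls `get_ssl_socket(port(8082), $ses)` without the name argument, so it only pins that the name recorded in the session is reported on resumption. Nothing here covers a resumed handshake that presents a different name from the original one. Since `$ssl_server_name` can feed routing or access decisions, that behaviour is worth pinning with one more case, such as `($s, $ssl) = get_ssl_socket(port(8082), $ses, 'example.org');` followed by an `is(...)` for the intended result and a matching bump of the skip and plan counts. Separately, `my $ses` inside the `TODO:` block shadows the outer `$ses` visible in the hunk header; a distinct name such as `$sni_ses` would avoid confusion. The body of get_ssl_socket is outside the hunk, so the argument order is inferred from the calls.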